False number of nodes detected

Elastic Stack Elasticsearch
1

I have made a basic ELK install about a month ago, i had some performance problems but they were fixed as soon i have disabled swapping and increased heap size.

I'm still wondering:

  • why LS report 2 nodes, and in fact i have only 1?
  • why do i have unnsasigned shards?
  • how to fix these.

Thanks

root@machine:~# curl -XGET http://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "elasticsearch",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 121,
  "active_shards" : 121,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 121
2

The extra node is most likely Logstash running as a node client. Issue a /_nodes request to find out details about the nodes in the cluster.

Since you only have one data node (the Logstash node isn't a data node), ES won't be able to allocate the replica shards since replicas aren't allowed on the same node as the primaries. If you add another data node the replica shards will be allocated there. If you don't plan on having more than one node you should reduce the replica count to zero.

3

Thanks for the answer, really helpful. Indeed i have logstash on the sama server.
I do not intend to have another node, so what to do to disable the replica shard?
What can i achieve by having another replica node, i do have resources available to create another node, so in case it's helpful i can add one, but i need to know why. maybe you could point me to some beginers guide of ELK.

4

There are REST APIs for changing the replica count of existing indexes, or you can use a dashboard plugin like kopf. To change it for new indexes you should update the index template used by Logstash. Have a look at the template configuration parameter for Logstash's elasticsearch output plugin. The documentation of how this works is unfortunately a bit scarce, but google it if you can't figure it out.

What can i achieve by having another replica node, i do have resources available to create another node, so in case it's helpful i can add one, but i need to know why. maybe you could point me to some beginers guide of ELK.

There are no replica nodes in an ES cluster. All nodes are equal, but for a given index there can be both primary shards and replica shards. When a shard has a replica on another node you can lose one node without affecting the operations of the cluster, i.e. you can reboot, replace, or upgrade a node with no downtime.

There's a lot of documentation on elastic.co and countless other people have written blog posts etc.